Summary | ZeroBOX

repack.exe

Tags: UPX, Malicious Library, Malicious Packer, PE64, PE File, OS Processor Check

Category: FILE
Machine: s1_win7_x6403_us
Started: July 18, 2023, 7:16 a.m.
Completed: July 18, 2023, 7:20 a.m.
Size 2.4MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 d072480d939a819969bab643d14dbab8
SHA256 d8557a8feb4555c4daa426b0c26881712b4be22610caf924079a454150611736
CRC32 467A3507
ssdeep 49152:o/uuVcm6Irb/TqvO90d7HjmAFd4A64nsfJiFCyESgyyRzUxD1TR9nm4JjaX:q64EV
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab

PE sections flagged for high entropy (Name / Virtual address / Virtual size / Size of data / Entropy / Description)
/19 0x001e5000 0x000235e6 0x00023600 7.993208350041133 A section with a high entropy has been found
/32 0x00209000 0x0000672f 0x00006800 7.925516857017483 A section with a high entropy has been found
/65 0x00211000 0x00064618 0x00064800 7.997736645381587 A section with a high entropy has been found
/78 0x00276000 0x000251c9 0x00025200 7.989864084136299 A section with a high entropy has been found
/90 0x0029c000 0x0000b718 0x0000b800 7.800992946518938 A section with a high entropy has been found

entropy 0.30658105939 description Overall entropy of this PE file is high

Persistence (autorun registry entry)
reg_key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\fondrhost
reg_value: C:\Users\test22\AppData\Roaming\fondrhost\fondrhost.exe
API calls (Time & API / Arguments / Status / Return / Repeated)

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefe467a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000776c0000
  Return: -1073741511 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND)
  Repeated: 0
Antivirus results (Vendor / Detection)

Bkav W32.Common.EF873E84
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
DrWeb Trojan.Siggen20.63498
MicroWorld-eScan Trojan.GenericKD.67468219
FireEye Trojan.GenericKD.67468219
ALYac Trojan.GenericKD.67468219
Cylance unsafe
Zillya Trojan.ClipBanker.Win32.16556
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 0040eff71 )
Alibaba TrojanBanker:Win32/ClipBanker.0e0a8d84
K7GW Riskware ( 0040eff71 )
Cybereason malicious.f672c1
Cyren W64/ABRisk.OAJG-5167
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Generik.IIAYTZH
APEX Malicious
Kaspersky Trojan-Banker.Win32.ClipBanker.ymy
BitDefender Trojan.GenericKD.67468219
Avast Win64:Malware-gen
Tencent Win32.Trojan-Banker.Clipbanker.Yimw
F-Secure Trojan.TR/Spy.Banker.hriip
VIPRE Trojan.GenericKD.67468219
TrendMicro TROJ_GEN.R002C0XFF23
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Avira TR/Spy.Banker.hriip
Antiy-AVL Trojan[Banker]/Win32.ClipBanker
Gridinsoft Ransom.Win64.Wacatac.cl
Arcabit Trojan.Generic.D4057BBB
ZoneAlarm Trojan-Banker.Win32.ClipBanker.ymy
GData Trojan.GenericKD.67468219
Cynet Malicious (score: 100)
VBA32 TrojanBanker.ClipBanker
MAX malware (ai score=83)
Malwarebytes Malware.AI.3868926549
TrendMicro-HouseCall TROJ_GEN.R002C0XFF23
Ikarus Trojan.SuspectCRC
MaxSecure Trojan.Malware.209869734.susgen
Fortinet W32/PossibleThreat
AVG Win64:Malware-gen
Panda Trj/Chgt.AD
CrowdStrike win/malicious_confidence_100% (W)